From c9c7a26a8c3842c6aaa61eb367e6c3c623631a54 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Thu, 12 Jun 2025 11:01:35 -0400 Subject: [PATCH] Add websocket support to mosquitto --- modules/hosts/nixos/hetznix01/default.nix | 1 + .../nixos/hetznix01/post-install/mosquitto.nix | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix index 3e073d8..60b8f07 100644 --- a/modules/hosts/nixos/hetznix01/default.nix +++ b/modules/hosts/nixos/hetznix01/default.nix @@ -35,6 +35,7 @@ 8333 # Bitcoin Core 8448 # Matrix Synapse 8883 # mqtt over tls + 9001 # mqtt websockets over tls 9735 # LND ]; # firewall.allowedUDPPorts = [ ... ]; diff --git a/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix b/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix index 6aa8c5a..5e6a7fe 100644 --- a/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix +++ b/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix @@ -75,6 +75,7 @@ }; in [ { + port = 1883; users = mqtt_users; settings.allow_anonymous = false; } @@ -82,7 +83,7 @@ port = 8883; users = mqtt_users; settings = let - certDir = config.security.acme.certs."mqtt.technicalissues.us".directory; + certDir = config.security.acme.certs."mqtt.technicalissues.us".directory; in { allow_anonymous = false; keyfile = certDir + "/key.pem"; @@ -90,6 +91,19 @@ cafile = certDir + "/chain.pem"; }; } + { + port = 9001; + users = mqtt_users; + settings = let + certDir = config.security.acme.certs."mqtt.technicalissues.us".directory; + in { + allow_anonymous = false; + keyfile = certDir + "/key.pem"; + certfile = certDir + "/cert.pem"; + cafile = certDir + "/chain.pem"; + protocol = "websockets"; + }; + } ]; };